// middleware/auth.js
const jwt = require('jsonwebtoken');
// const key = 'Yangjunjwt123456'; // 确保与生成JWT时使用的密钥一致
const key = "Yangjunjwt123456"; // 秘钥
const verifyToken = (req, res, next) => {
  const token = req.headers['authorization'];
  if (!token) {
    return res.status(401).json({ message: '没有提供token' });
  }

  try {
    const decoded = jwt.verify(token, key);
    req.userId = decoded.userId; // 将用户ID存储在请求对象中
    next();
  } catch (error) {
    return res.status(403).json({ message: 'auth无效的token' });
  }
};

module.exports = verifyToken;
